Buffer Overflow
A buffer overflow is a condition in which a program writing data to a memory buffer overruns the buffer's boundary and writes data into adjacent buffers.

SEH
SEH (Structured Exception Handler) is a protection mechanism that was implemented to stop the abuse of buffer overflows. Unfortunately, SEH can itself be abused by attackers who find enough space to write data prior to the SEH overwrite.

Working Of SEH
The exception handlers are linked to each other.
They form a linked-list chain on the stack and sit relatively close to the bottom of the stack. When an exception occurs, Windows retrieves the head of the SEH chain, walks through the list, and tries to find a suitable handler to close the application properly. In this case, the buffer overflow opens port 4444 for a reverse TCP/UDP connection.
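
The chain walk described above, modelled in portable C as an added example (not code from the original post): a byte array stands in for the stack, a 64-byte buffer sits below three chained records, and the walker applies a simplified integrity check similar in idea to Windows' SEHOP chain validation. The offsets, handler addresses and function names are constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define STACK_SIZE    256
#define BUF_OFF       32           /* 64-byte local buffer occupies offsets 32..95 */
#define CHAIN_END     0xFFFFFFFFu  /* Next value that marks the last record */
#define FINAL_HANDLER 0x77001000u  /* constructed stand-in for the OS default handler */

/* One x86 SEH record: pointer to the next record, then the handler address. */
typedef struct { uint32_t next; uint32_t handler; } seh_record;
static uint8_t stack_mem[STACK_SIZE];  /* simulated stack; offsets stand in for addresses */
static void put_record(uint32_t off, uint32_t next, uint32_t handler) {
    seh_record r = { next, handler }; memcpy(stack_mem + off, &r, sizeof r);
}
/* Lay out three chained records above the buffer and return the chain head. */
uint32_t build_stack(void) {
    memset(stack_mem, 0, sizeof stack_mem);
    put_record(224, CHAIN_END, FINAL_HANDLER);
    put_record(160, 224, 0x00402000u);   /* constructed handler addresses */
    put_record(96, 160, 0x00401000u);
    return 96;
}
/* The flawed copy: no check against the 64-byte buffer (clamped to the simulation only). */
void copy_into_buffer(const uint8_t *src, size_t len) {
    if (len > STACK_SIZE - BUF_OFF) len = STACK_SIZE - BUF_OFF;
    memcpy(stack_mem + BUF_OFF, src, len);
}
/* Walk the chain as the dispatcher would; return record count, or -1 if it is corrupt. */
int walk_chain(uint32_t head) {
    uint32_t off = head, prev = 0;
    int count = 0;
    while (off != CHAIN_END) {
        seh_record r;
        if (off % 4 != 0 || off > STACK_SIZE - sizeof r) return -1; /* misaligned or off-stack */
        if (count > 0 && off <= prev) return -1;   /* must advance toward the stack base */
        memcpy(&r, stack_mem + off, sizeof r);
        if (r.next == CHAIN_END && r.handler != FINAL_HANDLER) return -1;
        count++; prev = off; off = r.next;
    }
    return count;
}

int main(void) {
    uint8_t input[72];                   /* 8 bytes more than the buffer holds */
    memset(input, 'A', sizeof input);
    printf("intact chain: %d records\n", walk_chain(build_stack()));
    copy_into_buffer(input, sizeof input);
    printf("after 72-byte copy: %d\n", walk_chain(96));
}
```

A copy that fits the buffer leaves the walk at three records; the 72-byte copy overwrites the first record's `next` and `handler` fields, and the walker rejects the chain instead of following it.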


Lucideus is an Enterprise Cyber Security platforms company incubated from IIT Bombay and backed by Cisco's former Chairman and CEO John Chambers. It protects multiple Fortune 500 companies and governments around the world. The name Lucideus is derived from Lucifer (Satan) and Deus (God) as they are in the business of hacking for good.